what you don't know can hurt you
Showing 1 - 6 of 6 RSS Feed

CVE-2013-2174

Status Candidate

Overview

Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.

Related Files

Gentoo Linux Security Advisory 201401-14
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-14 - Multiple vulnerabilities have been found in cURL, allowing attackers to execute arbitrary code or cause Denial of Service. Versions less than 7.34.0-r1 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2013-0249, CVE-2013-1944, CVE-2013-2174, CVE-2013-6422
MD5 | 3ce972737b30b0c5dc026e59570caab5
Ubuntu Security Notice USN-1894-1
Posted Jul 2, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1894-1 - Timo Sirainen discovered that libcurl incorrectly handled memory when parsing URL encoded strings. An attacker could possibly use this issue to cause libcurl to crash, leading to a denial of service, or execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-2174
MD5 | 64cb425c8db8d0271efc95c1417a28ab
Mandriva Linux Security Advisory 2013-180
Posted Jun 27, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-180 - libcurl is vulnerable to a case of bad checking of the input data which may lead to heap corruption. The function curl_easy_unescape() decodes URL encoded strings to raw binary data. URL encoded octets are represented with \%HH combinations where HH is a two-digit hexadecimal number. The decoded string is written to an allocated memory area that the function returns to the caller. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-2174
MD5 | ce001f7e3f8ac0ca3d741d058b0161c2
Red Hat Security Advisory 2013-0983-01
Posted Jun 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0983-01 - cURL provides the libcurl library and a command line tool for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. A heap-based buffer overflow flaw was found in the way libcurl unescaped URLs. A remote attacker could provide a specially-crafted URL that, when processed by an application using libcurl that handles untrusted URLs, would possibly cause it to crash or, potentially, execute arbitrary code.

tags | advisory, remote, web, overflow, arbitrary, protocol
systems | linux, redhat
advisories | CVE-2013-2174
MD5 | d19c014f0dea84b64804cd3dc62b3167
Debian Security Advisory 2713-1
Posted Jun 24, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2713-1 - Timo Sirainen discovered that cURL, an URL transfer library, is prone to a heap overflow vulnerability due to bad checking of the input data in the curl_easy_unescape function.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2013-2174
MD5 | dc1cd459b62ba5a013c0d494842e444b
Slackware Security Advisory - curl Updates
Posted Jun 24, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New curl packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix a security issue. Related CVE Numbers: CVE-2013-2174.

tags | advisory
systems | linux, slackware
advisories | CVE-2013-2174
MD5 | 49fcda0965ed7330fe5937c109da44e1
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close